Archive for December 6th, 2007

Secure travelling tips with iptables and SSH port forwarding

Thursday, December 6th, 2007

The general paranoia at conferences is such that there almost always is WiFi, and there almost always is someone wanting to snoop your traffic. I guess, in a similar vein, this could also happen at Starbucks. So, on day 1 at foss.in, I tried to recollect what I used to do ages ago (when I used to run Fedora on my R51, before the disk died and I realised I lacked a backup of /root).

iptables
Firewalls break networks? They also secure them. I have access to some legacy POP servers that don't support SSL/TLS, unlike the IMAP servers I use. Firing up Thunderbird to change the account settings to point at localhost just seems like a waste of time, so the magic of iptables comes into play: rewrite the connection in the kernel before it ever leaves the laptop, and the mail client never knows.

iptables -t nat -A PREROUTING -p tcp -d my.pop.server --dport 110 -j DNAT --to-destination 127.0.0.1:1235
iptables -t nat -A OUTPUT -p tcp -d my.pop.server --dport 110 -j DNAT --to-destination 127.0.0.1:1235

The above ensures that any connection to my.pop.server:110 is rewritten, before it leaves the laptop, to go to localhost:1235. For the laptop's own connections only the OUTPUT rule does the work; the PREROUTING rule only ever sees packets arriving from other hosts, so here it is harmless but idle. Two things worth knowing: iptables resolves a hostname given to -d exactly once, when the rule is inserted (the man page warns against using names resolved via DNS for this reason), so on a hostile network use the POP server's IP address rather than its name, otherwise a spoofed DNS answer makes the client connect to an address the rule never matches and the password goes out in the clear. And if nothing is listening on localhost:1235, the redirected connection is simply refused rather than falling back to the network, which is exactly the failure mode you want. Clearly, I don't run a POP server on my laptop, so this is where SSH port forwarding comes into play.

SSH port forwarding
Provided you have access to a server via SSH, and you trust it, you can tunnel your traffic through it. It's made very easy by the -L option:
-L localport:my.pop.server:foreignport

So using the above example, that would be -L 1235:my.pop.server:110. The name my.pop.server is resolved and connected to from my.ssh.server, not from the laptop, so the plaintext POP session only travels between the SSH server and the POP server; over the conference WiFi it is wrapped in SSH. The local end of the forward binds to the loopback interface only (unless you have GatewayPorts enabled in your client config), so nobody else on the WiFi can ride your tunnel.

Then, let's not forget the useful -C option to compress traffic (a bandwidth saving on a crowded conference link; it adds nothing to the security).

And hey, web surfing isn't secure either, so let's create a SOCKS5 proxy while we're at it. ssh supports the -D option, which works a charm. Use it such that you have something like:
-D 8188

And now configure your web browser to use a SOCKS proxy at localhost:8188. One check worth doing: make sure the browser also sends its DNS lookups through the proxy (in Firefox that is the network.proxy.socks_remote_dns setting in about:config), otherwise every hostname you visit still goes out in the clear over the WiFi even though the page content does not. You can also configure the proxy in GNOME, under Network Proxy, but it seems like not all applications respect it (for instance, I can get pidgin to segfault, and Liferea will not get RSS updates for some reason, etc.).

So to sum it up, your SSH command should look something like:
ssh -D 8188 -L 1235:my.pop.server:110 -C my.ssh.server
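Tying the two halves together, here is a small POSIX shell script that does the setup in the safe order. It is an added example, not from the original post: it starts the tunnel first, waits until ssh is actually listening on the local port, and only then inserts the DNAT rule, so there is never a window where a POP connection could go out in the clear; the rule is removed again when the tunnel exits. The address 192.0.2.10 stands in for my.pop.server's IP (a placeholder, per the note above about not using names in -d), and the listening-socket check, the -N and ExitOnForwardFailure options and the explicit 127.0.0.1 bind addresses are my additions to the author's command line. It needs root for the iptables calls.

```sh
#!/bin/sh
# Added example (not from the original post): bring up the SSH tunnel,
# then redirect POP traffic into it. Run as root with the argument "up".
set -eu

POP_IP="192.0.2.10"        # assumption: my.pop.server's address, numeric on purpose
POP_PORT=110
LOCAL_PORT=1235            # local end of the -L forward
SOCKS_PORT=8188            # local end of the -D SOCKS proxy
SSH_SERVER="my.ssh.server"
POP_HOST="my.pop.server"   # resolved on the SSH server side, so a name is fine here

# Build the nat/OUTPUT rule. $1 is -A (add) or -D (delete); using identical
# arguments for both makes the cleanup an exact inverse of the setup.
dnat_rule() {
    printf 'iptables -t nat %s OUTPUT -p tcp -d %s --dport %s -j DNAT --to-destination 127.0.0.1:%s' \
        "$1" "$POP_IP" "$POP_PORT" "$LOCAL_PORT"
}

# Build the ssh command line. -N: no remote shell, just forwards. Explicit
# 127.0.0.1 bind addresses keep the listeners off the WiFi interface even if
# GatewayPorts is set; ExitOnForwardFailure makes ssh exit instead of
# silently running without its forwards.
ssh_cmd() {
    printf 'ssh -N -C -o ExitOnForwardFailure=yes -D 127.0.0.1:%s -L 127.0.0.1:%s:%s:%s %s' \
        "$SOCKS_PORT" "$LOCAL_PORT" "$POP_HOST" "$POP_PORT" "$SSH_SERVER"
}

# Read `ss -ltn` or `netstat -ltn` output on stdin; succeed if some listening
# socket's local address ends in ":$1" (and not, say, ":1$1").
listening_on() {
    grep -Eq "^(LISTEN|tcp)[[:space:]].*[[:space:]][^[:space:]]+:$1([[:space:]]|\$)"
}

tunnel_listening() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | listening_on "$LOCAL_PORT"
    else
        netstat -ltn 2>/dev/null | listening_on "$LOCAL_PORT"
    fi
}

# Poll once a second until the forward is up or $1 seconds have passed.
wait_for_tunnel() {
    n=0
    while [ "$n" -lt "$1" ]; do
        tunnel_listening && return 0
        sleep 1
        n=$((n + 1))
    done
    return 1
}

bring_up() {
    $(ssh_cmd) &
    ssh_pid=$!
    # Whatever happens from here on, drop the redirect and the tunnel on exit.
    trap 'eval "$(dnat_rule -D)" 2>/dev/null || true; kill "$ssh_pid" 2>/dev/null || true' EXIT INT TERM
    if ! wait_for_tunnel 15; then
        echo "tunnel did not come up on 127.0.0.1:$LOCAL_PORT; not adding redirect" >&2
        exit 1
    fi
    eval "$(dnat_rule -A)"
    echo "POP to $POP_IP:$POP_PORT now goes via 127.0.0.1:$LOCAL_PORT; SOCKS on 127.0.0.1:$SOCKS_PORT"
    wait "$ssh_pid"   # returns when ssh exits; the trap then removes the rule
}

case "${1-}" in
    up) bring_up ;;
esac
```

Run it as `sudo ./tunnel.sh up` and leave it in a terminal; Ctrl-C tears down the rule and the tunnel together. If the ssh connection drops, `wait` returns, the EXIT trap deletes the DNAT rule, and from then on connections to the POP server are refused rather than redirected into nothing.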

Discuss
Am I missing something? Do you have an easier iptables rule? Yes, I realise I can also use a VPN. If you have other tips, please don’t hesitate to comment. Thanks.


Mozilla party at Opus, summary of project days

Thursday, December 6th, 2007

foss.in has been officially opened. Atul is on stage speaking and the room is filled up. The lighting ceremony happened a while ago. “Only an Indian can give a keynote at foss.in” - here comes the Anjuta keynote, by Naba Kumar. History of Anjuta? Anjuta was his girlfriend's name, and now she is his wife (they have a cute daughter, whom we got to see at Opus last night).

Last night quite a number of us went to Opus for a Mozilla party. It was truly a hip event. Lots of beer, lots of chatter, and there was even some local Indian scotch towards the tail end of the night. We were having so much fun, we didn't even realise dinner wasn't around yet ;) Aizat and I wolfed down some amazing pasta in under 5 minutes around 11pm.

Kudos to Shreyas and Shilpa for ensuring we were all safe and sound (and Kishore who sent me home, since I missed the bus :P). It was great to speak with Tejas, Allen, Gopal and the rest of the crew.

Yesterday, I spent some time in Juergen Schmidt's talks in the OpenOffice.org Project Day. I tailed into another talk about translations in Kerala, by a speaker who seemed to represent the government of Kerala to some extent. Translations alone don't interest me, but finding out more about FOSS use in Kerala clearly does. I am, after all, a Mallu (I hope I got that right :)).

Jumped to see Tom Callaway speak about Fedora Secondary Architectures, though there are some things there that I feel are a little incorrect with the idea behind it. Build machines not hosted by the Fedora Project? Wrong. Packages and the distribution itself, save for the torrents, not hosted by the Fedora Project? Wrong. Allowing a build of software to fail on a secondary architecture? Wrong. Allowing the secondary arch maintainer to fix broken packages? Smart. Though honestly, I think this might end up having to become a team.

Rahul Sundaram's talk about spins was great. Considering I was building LiveCDs before there were tools to do so, I'm glad that there are so many ways to do it now (easily, even). And of course chit-chatting with him over beer at Opus later was fun.

Anyway, time to pay attention to the Anjuta talk. Not a big fan of IDEs myself, but I'm seeing the need for them (for folk that aren't comfortable with vim).
